How it works...
HTA stands for HTML Application, which is a format that allows for the execution of code within a web browser but without the constraints of the browser security model; it is like running a fully trusted application, like the browser itself or MS Word.
In this recipe, we used Metasploit to generate a malicious HTA file and set up a server to host it. Our malicious file contained a reverse shell; a reverse shell is a program that, when executed by the victim, will establish a connection back to the attacker's server (that's why it is called reverse), as opposed to opening a port in the victim to wait for an incoming connection. When this connection is completed, a command execution session (a remote shell) is established.
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access